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[57] ABSTRACT 

An encryption module for encrypting financial and other 
sensitive data may be conveniently interposed in series 
between a personal computer and the keyboard associated 
therewith. An application program designed to run on the PC 
is configured to prompt the user to enter his PIN or other 
confidential data into the encryption module; consequently 
the confidential data need not be transmitted in an unen- 
crypted fashion, and need not reside on the PC hard drive in 
an unencrypted form. 
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METHODS AND APPARATUS FOR industry regulations are calculated to limit the extent to 

SECURELY ENCRYPTING DATA IN which confidential data may be transmitted in a non- 

CON J UNCTION WITH A PERSONAL encrypted form. In the context of a PC used to remotely 

COMPUTER effect a commercial transaction, it is possible to encrypt the 

5 confidential data at the PC and thereafter transmit the 

CROSS-REFERENCE TO RELATED encrypted data to the host computer. However, presently 

APPLICATIONS known systems generally require that the confidential data 

(e.g., PIN) be entered into the computer via the keyboard 

This application is a continuation-in-part of, and claims associated with the PC, whereupon the PC's processor 

the benefit of, U.S. application Ser. No. 08/609,273, filed 3Q ^015 thc encryption process. Thus, the data is essentiaUy 

Mar. 1, 1996, which itself is a continuation of, and claims the transmitled from the keyboard to the PC mother board over 

benefit of, U.S. application Ser. No. 08/210,200 filed Mar. the physical ^rcs connecting the keyboard to the PC box. 

18, 1994, now U.S. Pat. No. 5,517,569, issued May 14, Thereafter, the unencrypted data, i.e., prior to completing the 

1996. encrypting process, necessarily resides on the mother board, 

TTrrHMir at Pi ft n 15 ^ 0T exam pl e P^or to and during the encryption process. It is 

ifcCHNl^AL, mzlaj believed that sophisticated electronic "listening" devices 

The present invention relates, generally, to methods and could thus be employed to detect the confidential data 

apparatus for encrypting and manipulating confidential data between the time it is entered into the keyboard by the user 

and, more particularly, to techniques for transmitting and the time at which encryption is complete, 

encrypted data to a host computer from a remote personal 20 A system is thus needed which overcomes the shortcom- 

computer. ings of the prior art. 

BACKGROUND ART AND TECHNICAL SUMMARY OF THE INVENTION 

PROBLEMS ^ e p resent invention provides methods and apparatus for 

Systems for performing financial transactions from a 25 transmitting encrypted data which overcomes the shortcom- 

remote location, e.g., the home, office, or retail facility, are ings of the prior art. 

becoming increasingly popular. The proliferation of per- In accordance with one aspect of the present invention, a 
sonal computers, and particularly in conjunction with system for transmitting encrypted data comprises a host 
modems, permits a consumer to effect bill paying, retail ^ Q computer connected to a remote data processing device (e.g., 
purchasing, banking, and other commercial transactions a desktop -type PC, laptop computer, or the like) which 
remotely, thus avoiding the need to travel to attend to routine includes a keyboard or other suitable mechanism for enter- 
commercial matters. ing confidential data into the remote device. In accordance 

Presently known systems typically comprise a host com- with a first embodiment of the invention, the remote pro- 
puter located at a central data processing site, which is 35 cessing device comprises a laptop PC having an integral 
configured to communicate with a large number of remote alphanumeric keyboard, with an encryption module con- 
personal computers (PC). When an individual desires to nected to the PS/2 port of the laptop. In accordance with this 
effect a financial transaction, for example to order merchan- first embodiment, the encryption module comprises a key- 
dise and pay for the merchandise or services via a credit pad or other data capture device which permits the user to 
account, debit account, digital "coins" or the like, the user 4Q directly enter confidential data (e.g, PIN) into the encryption 
constructs a data link between his PC and the host computer module. The encryption module thereafter encrypts the 
via the PC's modem. Upon ordering the appropriate confidential data and transmits the encrypted data to the 
merchandise, the user may enter an account (e.g., credit laptop PC, whereupon the encrypted data may be transmit- 
card) number corresponding to the account to which the ted to the host computer via modem. In this way, the data 
merchandise is to be charged. The purchase request is then 45 need not reside in the PC in an unencrypted form; moreover, 
transmitted from the PC to the host computer, whereupon the the data is transmitted from the encryption module to the 
transaction is verified by the host computer. laptop in an encrypted form, thereby reducing the risk that 

Presently known systems are limited, for example, in their * lectronic "^ning" devices may intercept the unencrypted 

ability to effect the real time transfers of funds, due to data. 

various problems associated with the transmission of 50 In accordance with a second embodiment of the present 

encrypted data. More particularly, real time transfers of invention, the encryption circuitry is integrated into a 

funds are typically effected through the use of an automatic keyboard, mouse, or other peripheral associated with a 

teller machine (ATM). In a typical ATM transaction, the user desktop, laptop, or other PC, such that confidential data may 

enters an account number onto a keypad or, alternatively, be encrypted in the peripheral device itself, whereupon the 

inserts a bank card into the ATM whereupon the account 55 confidential data is transmitted to the PC and manipulated by 

information is "read" from the magnetic strip located on the the PC in an encrypted form. 

back of the bank card. Thereafter, the user enters a personal In accordance with a third embodiment of the present 
identification number (PIN) into the keypad to enable the invention, a self-contained, stand-alone transaction module 
transaction. By properly entering the PIN associated with comprises a processor having an integral data acquisition 
the bank card, the fraudulent use of such cards is greatly 60 module (e.g., keypad) associated therewith, such that con- 
reduced. The extension of the aforementioned ATM para- fidential data may be entered into the keypad and encrypted 
digm to home use is problematic, however, in that presently within a single, integral unit, thus avoiding the need for 
known systems for transmitting encrypted data (e.g., PINS) transmission wires between a remote keypad and the encryp- 
are unsatisfactory. tion processing circuitry. 

More particularly, although techniques for encrypting 65 In accordance with a further aspect of the invention, the 

PINs and other confidential data and information are gen- encryption module may be configured to transmit and/or 

erally well known, current banking and other financial receive confidential data to and/or from a remote computer 
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in addition to the PC. The encryption module may also be performance of host computer system 102, and an audit 

equipped with various peripheral devices useful in entering system 116 which permits the operator of system 100 to 

data and information, for example magnetic head card periodically audit the data and information resident within 

readers, "smart card" or integrated circuit card QCC) host computer 102. 

readers, bar code readers, voice recognition devices, s fa discussed in greater detail below, various networks 

scanners, and the like. In this way, confidential data in 104-108 are suitably operated by independent entities which 

virtually any medium may be captured by the encryption desire to conduct business and/or other transactions with 

module and encrypted prior to transmission to the PC and/or various consumers through host computer 102, for example 

subsequent processing, such that the potential for the unau- wherein each of respective PCs U0A-110N are conve- 

thorized detection of the unencrypted data is minimized. 10 niently disposed within a consumer's home, office, retail 

outlet, and the like. 

BRIEF DESCRIPTION OF THE DRAWING r ' e , . t , t . 

uixja-x i^ov^x pjQijRES accordance with a preferred embodiment of the present 

invention, data, including confidential data, may be entered 

The present invention will hereinafter be described in into one of respective PCs 110, and encrypted as discussed 

conjunction with the 25 appended drawing figures, wherein 15 in greater detail below, the encrypted data thereafter being 

like numerals designate like elements, and transmitted from the PC to host computer 102 along a 

FIG. 1 is a schematic block diagram of a transaction suitable data link 118. In accordance with one aspect of the 

authorization system in accordance with the present inven- invention, data link 118 may comprise a transmission wire 

t j 0Q . (e.g., a telephone line, fiber optic cable, or the like) or 

' - . c # . . f fj/-> l • alternatively may comprise a wireless link, for example 

FIG. 2 is a front elevation view of a PC having an . j- * /nc\ *u •» ui j » 

, , . . j j * i_ **u microwave, radio frequency (RF) or other suitable data 

encryption module integrated therewith; . . * M 3 v 7 

J>r . , transmission medium. 

FIG. 3 is a schematic block diagram of an integral . . ^c a „ aA 

. & Referring now to FIG. 2, in accordance with a preferred 

encryption module; embodiment of the present invention, an exemplary PC 110 

FIGS. 4 and 6-10 are flow charts setting forth the opera- 25 ^ a screen 202, a box 204 for housing, inter 

tion of an exemplary application program executed by the ^ ^ computing circuitry associated with PC 110, a 

PC of FIG. 2 in accordance with the present invention; keyboard 206 connected to box 204 via a connector 210, and 

FIG. 5 is a display of various icons useful in conjunction a m0 use 208 useful in executing interactive programs. In a 

with the software shown in FIG. 4; ^ first preferred embodiment of the present invention, an 

FIG. 11 is an alternate embodiment of the encryption encryption module 214 may be conveniently interposed 

module shown in FIG. 2; between keyboard 206 and box 204, for example in series 

FIG 12 is a schematic block diagram of the functional with connector 210. In the illustrated embodiment, module 

aspects of the encryption module of FIG. 2; 214 suitably comprises a module connector 212 configured 

^„ „ . u . A -„ n f,u ftmW cc rt r « to permit easy installation of module 214. More particularly, 

FIG. 13 is a schematic circuit diagram of the processor 35 £ ^ rf nQ fa do ' ^ 

embodied in the encryption module of FIG. 2 a mating connector ( Qot shown) on box 204 during normal 

FIG. 14 is a schematic circuit diagram of the keypad operat ion of the PC. When it is desired to install module 214, 

shown in FIG. 2; connector end 216 may simply be detached from box 204, 

FIG. 15 is a schematic circuit diagram of an analog switch and a dis tal end 218 of connector 212 connected to box 204 

used in the encryption module of the present invention; 40 at me same site; connector end 216 of connector 210 is 

FIGS. 16 and 17 are schematic circuit diagrams of a suitably connected to module 214, for example in much the 

magnetic strip reader circuit; same manner as distal end 216 would otherwise be con- 

FIGS. 18-20 are schematic memory maps of various nected to box 204. In this way, module 214 may be conve- 

memory sectors associated with the processor of FIG. 13; 45 niently interposed between keyboard 206 and box 204 

FIGS. 21-36, are flow chart diagrams setting forth various without opening box 204, a procedure not readily acceptable 

functional features of the encryption module of the present to most computer users. 

invention; and In an alternate embodiment of the subject invention, the 
FIGS. 37-39, are block diagram schematic drawings of encryption circuitry and various of the peripheral devices 
various embodiments of the present inventioa 50 discussed herein associated with module 214 may be con- 
veniently incorporated into keyboard 206 during manufac- 
DETAILED DESCRIPTION OF PREFERRED tu re 0Ty retrofit, thus avoiding the need for at least the keypad 
EXEMPLARY EMBODIMENTS portion of module 214. 
Referring now to FIG. 1, a remote transaction system 100 With momentary reference to FIG. 3, yet a further alter- 
suitably comprises a host computer system 102 which may 55 native embodiment suitably comprises a self contained, 
be interfaced with one or more transaction networks, for integral module 300 including at screen 306, a computer 
example a bill paying network 104, a banking system 304, a keyboard 302, a modem connection 308, and an 
network 106, and various other network systems 108, for accessory connector 310 for interfacing module 300 with 
example state lottery purchase networks, retail shopping various preferred devices, for example bar code readers, 
purchase networks, mail order purchase networks, and the 60 smart card readers, magnetic strip readers and the like. In 
like. Remote transaction system 100 further comprises a accordance with the embodiment in FIG. 3, only those 
plurality of remote data processing terminals HOa-llOn, for components necessary to effect the specific functions dis- 
example a PC of the type typically used by a home con- cussed need be incorporated into module 300 resulting in 
sumer. Remote transaction system 100 may also comprise substantial cost savings over the PC embodiment shown in 
various diagnostic and maintenance apparatus, for example 65 FIG. 2. However, it will be appreciated that, for those 
a network transmit test system 112 and a network transmit consumers who already own a PC, the embodiment illus- 
receive system 114 suitably utilized to periodically test the trated in FIG. 2 may be preferable inasmuch as a conven- 
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tional PC may be readily adapted in accordance with the suitably entails procedures for permitting a user to order 

present invention by incorporating module 214 into PC 110. various products (e.g., grocery products) by entering the 

Referring now to FIGS. 4-10, an exemplary remote ordered item into PC 110. 

transaction application program useful in accordance with * n accordance with the further aspect of the invention, 

the present invention will now be described. s neighborhood shopping operation 410 may be further imple- 

, . , r ,™ A , , v 4 . mented with the use of a bar code reader in the following 

With particular reference to FIG. 4, a suitable application manner 

program may be executed using a (WINDOWS) format y ^ ^ m ^ a 

which presents the user with various ►menu selections. Those upc baf ^ Qr ^ rc ^ nting thc 

skilled in the art will appreciate that the user -may select particular product. A bar code reader assembly (not shown), 

various options using keyboard 206 or mouse 208 (see FIG. for example a hand held wandj may be suitably used by the 

2) as is known in the art. Although the subject application con sumer to enter into a memory array associated with the 

program is described herein in the context of thc WIN- Dar code re ader products which the consumer desires to 

DOWS embodiment, it will be appreciated that the subject purchase, for example from a grocery store. After accumu- 

invention may be implemented in the context of any con- i atmg pro ducts which the consumer desires to purchase for 

venient applications environment. 1 a p er j 0 d of time, the product digit stored in the bar code 

With continued reference to FIG. 4, upon activating the reader memory may be "dumped" into an appropriate 
WINDOWS capability of PC 110 (step 402), the user may memory location in PC 110 during the operation of, for 
select one of a plurality of menu options 406-416, for example, shopping operation 410. In this way, the consumer 
example by double clicking mouse 208 (step 404). More may select the products to be purchased over a period of 
particularly and with momentary reference to FIG. 5, the time, analogous to constructing a grocery list. When it is 
user may select banking operation 406 corresponding to icon desired to purchase the items, indicia of the accumulated list 
506, a bill paying operation 408 represented by icon 508, a may be transmitted via data link 118 (see FIG. 1) to host 
neighborhood shopping operation 410 represented by icon computer 102 whereupon a grocery network 108 retrieves 
510, a mail ordering operation 412 represented by icon 512, the data and assembles the groceries for the consumer. If 
a state lottery operation 414 represented by icon 514, a file desired, the grocery store cooperating with grocery network 
operations 416 corresponding to 516, at PC setup operation 108 may deliver the grocery items to the consumer's 
418 corresponding to icon 518, a hardware test operation residence, with the groceries being paid for in accordance 
420 corresponding to icon 520, a display time operation 422 with, inter alia, the principles set forth in bill paying opera- 
corresponding to icon 522, or a tutorial operation 424 ^ tion 408 or banking operation 406 as described in greater 
represented by icon 524. Although the illustrated icons detail below. 

shown in FIG. 5 are useful in the context of the illustrated Referring now to FIGS. 4 and 6, banking operation 406 

embodiment, it will be appreciated that any suitable icon or suitably permits the user to select one or more banking 

other mechanism for selecting various program options may options, for example a funds transfer operation 602, and 

be employed in the context of the present invention. ^ account inquiry operation 604, or a smart card funds transfer 

Moreover, the menu options set forth in FIGS. 4 and 5 are 606. In addition banking operation 406 may also permit the 

merely exemplary; various combinations of the menu user t0 ex jt to the main menu 400 (step 608). 

options shown in the Figures, alone or in combination with Referring now to FIGS. 6 and 7, funds transfer operation 

other menu options not set forth herein may also be su it a bly entails a selection of a particular bank account 

employed in the context of the present invention. 4Q ( step 610 ) for examp i e a savings account, checking account, 

With continued reference to FIG. 4, tutorial operation 424 money market account, and the like. When the account 

suitably entails an explanation of the various menu options which the user desires to debit is selected, the system 

and an explanation of how to use the options. Display time suitably prompts the user to enter an amount which is to be 

option 422 suitably displays the system time in any desired transferred or paid (step 702), for example by entering an 

format. Hardware test operation 420 is suitably configured 45 amount into PC 110 via keyboard 206 (704). If no amount 

to allow the user to verify the integrity of various hardware js entered after a predetermined time or if an incorrect 

components and preferable devices useful in the context of amount (e.g., "zero", a negative amount, or an amount which 

the present invention. exceeds the predetermined threshold), the system may 

Setup operation 418 suitably permits the user to configure resume its previous processing path (step 706). If a correct 

various parameters associated with the operation of the 50 amount of funds to be paid or transferred is entered by the 

system and methods discussed herein. user, the user may be suitably prompted to select the method 

File operation 416 suitably allows the user to manipulate of payment (step 708), whereupon a transaction request is 

various data structures useful in the context of the present suitably transmitted from PC 110 to module 214 (step 710), 

invention. as discussed in greater detail below. 

Lottery operation 414 may be configured to permit the ss In accordance with one aspect of the present invention, it 

user to purchase lottery tickets for example via modem from may be desirable to permit particular transactions, e.g., 

his state of residence or from any other state or municipality, transactions involving the transfer of money, only upon the 

depending on the regulation governing the sale of such satisfaction of certain threshold conditions. For example, it 

tickets. may be desirable to permit a funds transfer only if a receipt 

Mail ordering operation 412 suitably entails procedures 60 evidencing the transaction may be printed at a printer which 

for ordering merchandise from PC 110, for example from a is located proximate PC 110. 

mail order catalog. In this regard, module 214 (see FIG. 2) More particularly and with continued reference to FIG. 7, 

or, alternatively, box 204 may be suitably equipped with a the system may be suitably configured to confirm: (1) 

bar code reader so that merchandise may be automatically whether PC U0 is equipped with or otherwise has access to 

selected by scanning the bar code associated with the 65 a local printer; and (2) that the aforementioned printer is 

merchandise. The same bar code technique may also be equipped with paper upon which a receipt may be printed 

employed in the context of shopping operation 410, which (step 712). 
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If PC 110 either does not have a printer associated with it 
or if it has a printer but the printer it out of paper, the system 
may prompt the user to install an appropriate printer and/or 
paper (step 714), whereupon the system again checks to 
confirm the presence of a functional printer (step 718). If a 
functional printer still is not detected, an appropriate error 
message is generated. 

If it is determined that PC 110 has a functioning printer 
associated therewith, PC 110 is suitably configured to trans- 
mit a command to module 214 which causes module 214 to 
enter a "swipe" mode of operation (step 716), discussed in 
greater detail below in conjunction with FIGS. 27 and 28. 
The user may thereafter enter the appropriate account data, 
for example by swiping a transaction card through a mag- 
netic card reader, entering a smart card into a smart card 
reader associated with PC 110 entering account data via 
keyboard 206, or any other convenient mechanism for 
entering account data associated with PC 110 or modem 214 
(step 720). 

Referring now to FIG. 8, once the account data is entered, 
PC 110 may suitably be configured to display the account 
data on screen 202 (step 802). The particular transaction 
being performed by the user is of a type which does not 
require the transmission of confidential data (e.g., PIN), the 
account data and the funds transfer/bill payment data dis- 
cussed above may be assembled and transmitted to host 
computer 102 via data link 118 for processing (step 812). If, 
on the other hand, the particular transaction requires the 
entry of confidential information, the system may be suit- 
ably configured to prompt the user to enter such confidential 
information (step 804). 

More particularly, in order to facilitate the entry, encryp- 
tion and transmission of encrypted confidential data, PC 110 
may be suitably configured to send a command signal to 
module 214 to place module 214 into a "scan" mode (step 
806), as discussed in greater detail below in conjunction 
with FIGS. 21 and 25. In accordance with the embodiment 
shown in FIG. 2, the user may then enter such confidential 
information via the keypad associated with module 214 or in 
the context of the embodiment shown in FIG. 3, via keypad 
302, In the alternate embodiment discussed above wherein 
the encryption circuitry and/or software is integrated into 
keyboard 106, the user may enter the confidential informa- 
tion directly via keyboard 206. In any event, the manner in 
which module 214 (or module 300 in accordance with the 
embodiment shown in FIG. 3) receives, encrypts, and trans- 
mits the encrypted data is discussed more fully in conjunc- 
tion with FIGS. 21-29. 

Upon entering all the information necessary to reflect a 
particular transaction, the system may suitably prompt the 
user to determine whether the user desires to enter another 
transaction. If so, the system returns to step 702; if no further 
transactions are desired, PC 110 suitably packages and 
transmits the transaction data to host computer 102 via data 
link 118. In this regard, any suitable mechanism for data 
transmission may be employed, for example a modem 
connected to box 204 or, alternatively a modem connected 
directly to module 214 as discussed in greater detail below 
(step 812). 

Once host 102 has confirmed the transaction (step 814), 
the printer (not shown) associated with PC 110 and dis- 
cussed above suitably prints a transaction record (receipt) 
(step 816), and the system again returns to main menu 400 
(step 818). 

Returning now to FIG. 6, if the user desires to inquire as 
to an account balance and/or status (step 604), the system 
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may suitably be configured to prompt the user to select a 
particular account subject to inquiry (steps 612), whereupon 
the system suitably returns to step 712 (see FIG. 7). 
[f the user selects smart card fund transfer operation 606, 

S the system may be suitably configured to prompt the user to 
insert a smart card into an appropriate smart card reader 
module (step 614) (not shown). 

More particularly and with reference to FIG. 9, those 
skilled in the art will appreciate that integrated circuit cards 

10 (ICC), also known as smart cards, typically comprise a 
microprocessor embedded within the card, as well as an 
electronic mechanism for permitting data transfer to and 
from the card. That being the case, account information and, 
indeed, funds may be electronically "added" to or "sub- 

15 tracted" from the card by making appropriate modification 
to the data resident on the card. 

With continued reference to FIG. 9, if the user desires to 
add funds to the smart card (step 902), the system may be 
suitably configured to effect a process analogous to that set 

20 forth in FIG. 7; namely, the user may select an account from 
which funds are to be withdrawn and applied to the smart 
card, as well as the amount of funds to be so applied. The 
user may then be prompted to enter the smart card into a 
smart card reader/writer module (not shown) affiliated with 

25 either PC U0 or module 214 to effect the electronic update 
of the data resident on the smart card. In addition, the system 
may be configured to require a functioning printer as a 
prerequisite to effecting the foregoing smart card updating 
function, as desired. 

30 

If, on the other hand, the user desires to "withdraw" funds 
from the smart card (step 904), the system may prompt the 
user to select the destination of the funds withdrawn from 
the smart card (step 906), and to request the user to enter a 

3S PIN or other confidential data (step 908). In this regard, the 
entry of such confidential information is suitably effected in 
a manner analogous to that described below in conjunction 
with FIGS. 11, 14, and 25-28. Upon entry of the PIN, the 
smart card transaction may be suitably affected via the smart 
card reader/writer circuit (not shown) associated with either 

4 PC 110 or module 214. 

Referring once again to FIG. 4, upon the selection of bill 
paying operation 408, the system may be configured to 
prompt the user to add a new bill to the bill paying operation 

45 (step 1002 of FIG. 10). More particularly, the bill paying 
function of the subject system suitably entails a method of 
keeping track of various bills, for example department store 
bills, credit card bills, utility bills, and the like in conjunction 
with PC 110. If the user desires to add a new billing entity 

50 to the billing operation, for example a new department store 
charge account, the data corresponding to the new account 
may be entered into PC 110 by the user (step 1008), for 
example via keyboard 206. 
The system may be further configured to display various 

ss bills comprising billing operation 408 (step 1004 of FIG. 
10), permitting the user to either exit to the main menu (step 
1010) or, alternatively, to select a particular bill for payment 
(step 1006). Once a particular bill is selected for payment, 
the system is suitably configured to effect payment of the bill 

60 in accordance with the steps described in conjunction with 
FIG. 7. 

It will be appreciated that at various times during the 
execution of the foregoing application program, the users are 
required to enter various account, PIN, and other informa- 
65 tion and/or data into the system, for example via module 
214. Thus, in accordance with one aspect of the present 
invention, module 214 may be suitably configured to assume 
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a plurality of different modes, depending on the particular 
function then being effected. The circuitry comprising mod- 
ule 214 which permits module 214 to assume these various 
operational states will now be described, followed by a 
functional description of the various operational modes 
associated with module 214. 

With momentary reference to FIG. 11, module 214 may 
suitably assume any desired configuration, for example the 
sloping, contoured embodiment shown in FIG. 11. In 
particular, module 214 suitably comprises a housing 1100, 
for example an injection molded plastic housing similar to 
the conventional "mouse" typically employed in conjunc- 
tion with personal computers. In accordance with the 
embodiment shown in FIG. 11, module 214 suitably com- 
prises a keypad 1102, for example corresponding to the 
numbers 0-9, and further including inter alia, various 
functions, for example an enter (E) and cancel (C) button. 
Module 214 further comprises a card reader slot 1104 
configured to receive transaction cards of the type bearing a 
magnetic strip, and an ICC (smart card) slot 1106 configured 
to accept a smart card into read and/or write data to/from the 
smart card. 

Referring now to FIG. 12, module 214 suitably comprises 
a keypad circuit 1204 associated with keypad 1102 (FIG. 
11), a magnetic strip reader circuit 1206 associated with 
magnetic strip reader 1104, a microcontroller 1212, a 
modem 1202, a smart card reader circuit 1208 associated 
with ICC slot 1106, and a clock/data box 1218 configured to 
effect communication between microcontroller 1212 and 
box 204 via connector 212 as well as microcontroller and 
keyboard 206 via connector 210. In addition, module 214 
suitably comprises a control gate 1222 for selectively estab- 
lishing communication between module 214 and PC 110. 

With continued reference to FIG. 12 and further reference 
to FIG. 13, microprocessor 1212 suitably comprises a model 
MC68HC11E9 microprocessor manufactured by Motorola, 
Inc. Processor 1212 suitably interfaces with a power circuit 
1302 configured to apply 5 volts powered to V dd , and an 
oscillator circuit 1304 configured to apply a predetermined 
clock pulse to a clock port 1308, for example at a frequency 
in the range of 4 MHZ to 12 MHZ, and to most preferably 
8 MHZ. Processor 1212 further comprises a reset circuit 
1306 configured to selectively apply a reset signal to a reset 
port 1310 of processor 1212. 

In addition, processor 1212 is suitably equipped with the 
following input/output ports which, in the illustrated 
embodiment, are configured as follows: 
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-continued 



Port No. 


Function 


paO 


card swipe input/output (channel 1) 


pal 


card swipe input/output (channel 2) 


p&2 


modem interrupt 


p&3 


read/write 


pa4 


ale 


pa5 


cs 


pa6 


output to "system validation" LED 


pa7 


(smart card) read/write data 


pbO 


keypad row 1 


pbl 


keypad row 2 


pb2 


keypad row 3 


pb3 


keypad row 4 


pb4 


buffer enable 


pb5 


smart card clock 


pb6 


smart card control 


pcO 


dO parallel data interface to modem 


pel 


dl parallel data interface to modem 


pc2 


d2 parallel data interface to modem 
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20 



25 



Port No. 


Function 


pc3 


d3 parallel data interface to modem 


pc4 


d4 parallel data interface to modem 


pc5 


d5 parallel data interface to modem 


pc6 * 


66 parallel data interface to modem 


P c7 


d7 parallel data interface to modem 


pdO, pdl 


interface to pentec bar code reader data loader 


pd2 


pc clock 


P d3 


pc data 


pd4 


keyboard clock 


pd5 


keyboard data 


peO 


keypad column 1 


pel 


keypad column 2 


pe2 


keypad column 3 



Referring now to FIGS. 12-14, keypad 1102 is suitably 
connected with the various ports associated with processor 
1212 as set forth in FIG. 14. 

Refer now to FIGS. 12-13 and 15, control gate 1222 
suitably comprises an analog switch, for example a module 
no. 74HC4066 manufactured by Motorola, Inc. Switch 1222 
suitably comprises four internal switches a-d, which are 
suitably simultaneously controlled by the output of port pb4, 
such that internal switches a-d are either all open or all 
closed in accordance with the logic value of the output of 
port pb4. Generally speaking, in essentially all operational 
states of module 214, internal switches a-d will remain 
open, effectively isolating keyboard 206 from box 204. 
30 During the transparent mode (discussed below), internal 
switches a-d will typically remain closed, permitting normal 
communication between the keyboard and the PC. 

With continued reference to FIGS. 12-13 and 15, the 
buffer enable signal from port pb4 of processor 1212 is 
35 suitably applied to control gate 1222. In addition, the 
keyboard clock and keyboard data signals are transmitted 
between ports pd4 and pd5, respectively, of microprocessor 
1212 to a databus 1219 extending from switch 1222 to 
keyboard 206 via connector 210. Similarly, the PC clock and 
40 PC data signals are transmitted between ports pd2 and pd3, 
of microcontroller 1212 to a databus 1218 extending 
between control gate 1222 and box 204 (FIG. 1) via con- 
nector 212. 

Referring now to FIGS. 12, 13 and 16, a first embodiment 

45 of magnetic strip reader circuit 1206 associated with mag- 
netic strip reader 1104 (FIG. 11) suitably comprises a 
magnetic reader head 1602, for example a 1.6 micro henry 
inductor coil, respective first and second amplifiers 1604 and 
1606, for example model no. LM324a operational 

50 amplifiers, respective comparators 1608 and 1610, for 
example model no. LM393, and an inverting schmidt trigger 
1612, for example part no. 74HC14. 

More particularly and with continued reference to FIG. 
16, a transaction card of the type bearing a magnetic strip is 

55 suitably slid through magnetic strip reader 1104 of module 
214 (FIG. 11) such that the magnetic strip magnetically 
engages reader head 1602. The output of coil 1602 is 
suitably applied to the inverting input of amplifier 1606 
which suitably exhibits a gain on the order of 20. The output 

60 of amplifier 1604 is suitably applied to the noninverting 
input of amplifier 1606. The output of amplifier 1606 is 
suitably applied to the noninverting input of comparator 
1608 and to the inverting input of comparator 1610. By 
applying a determined threshold voltage to the inverting 

65 input of amplifier 1608, and by, also applying a predeter- 
mined threshold voltage to the non-inverting input of ampli- 
fier 1610, a series of logic hi and logic low pulses are applied 
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to the input of schmidt trigger 1612, which inputs are Upon entering the reset condition, system initialization is 

effectively rectified, squared and sharpened into a binary executed (step 2104). 

square wave by the schmidt trigger/comparator combina- More particularly and with momentary reference to FIG. 

tion. The output of schmidt trigger 1612 is a function of the 22, system initialization step 2104 suitably entails various 

output of coil 1602 and corresponds to the data which is s initialization steps (21046), including, inter alia: 

magnetically encoded into the magnetic strip which is drawn L Initializing the current mode to transparent mode, for 

through magnetic card reader 1104. The output of schmidt example by setting current mode, register 1804 (see 

trigger 1612 correspond to the channel 1 swipe data applied FIG. 18) to the transparent mode condition, as dis- 

to port paO of processor 1212. CUSfied ^ greater delail 5elow . 

Hie magnetic head reader circuit of FIG. 16 is particularly 10 2 Imtializlrjg previous mode register 1806 to "no mode"; 

useful in the context of cards bearing magnetic strips which _ T . . . . „ . . t t . . 

uaiiui muiw wuiHVAiui 5 6 v 3 i mUa i um g the system in terrupts to appropriate trigger 

comprise a single "track , or single column of magnetically characteristics* 

encoded information. Alternatively, many magnetic strips of . * . 

the type typically found on transaction cards comprise two 4 - Enabhn S fr0m the PC mterface buS (eg *' 

or more separate magnetic columns embedded within the 15 connector 212); and 

magnetic strip. In such cases, it may be desirable to employ 5. Initializing the PC interface temporary buffer 1808 to 

dual magnetic reader coils in the context of card reader slot "empty". 

The relevancy of the foregoing initialization steps are dis- 

More particularly and referring now to FIG. 17, an ; . n W*" detaiI below f *» ^n*™ with ensuing 

alternate embodiment of circuit 1206 suitably comprises 20 descnption of the operation of module 214 

respective first and second reader coils 1603a and 1603fc U P° n completing system unUahzaUon, the system enters 

which are suitably configured to read the corresponding first * s y stera state (step 2106), whereupon the sys em 

and second magnetic rails (not shown) comprising .he dual enters thc appropriate operational mode; ,n be contex 

rail magnetic strip associated with a transaction card. In the ° f s y stem st f «P. * e s .y stem ^ defau " ,0 transparent 

alternative embodiment shown in FIG. 17, the circuit essen- * mode, as set forth above in conjunction with system imtial- 

tially comprises two of the circuits shown in FIG. 16 aitloa s,e P 2104(f)). 

configured to generate respective outputs 1702 and 1704 . M ° re particularly, a preferred embodiment of me present 

which are suitably applied to respective ports P a0 and pal of "^ntion employs an mterrupt-based processing scheme 

ssor 1212 within module 214. Thus, as the system flows through the 

processor . 30 main operational loop set forth in FIG. 21, the system will 

Referring now, to FIGS. 18-20 and with momentary ^ ^ . u ^ pc no 

reference to FIG. 12, microcontroUerl2^ receipt of a "mode change" interrupt command from PC 110, 

pnses a random access memory (RAM) 1802, a read only ^ m2 moMt 2U ^ terminate ^ then 

memory (ROM) 1902 and an «^^™» u y P ro " current mode, and enter system redirect (step 2106), from 

grammable read only memory (EEPROM) 2002. 35 which ^ appropriate new operational mode may be 

More particularly, RAM 1802 suitably comprises, inter ente red. 

alia, respective memory sectors 1804-1836 corresponding FrQm the mam CQntrol loop governing the operation of 

to various addresses in RAM 1802. As discussed below in module 214 shown in FIG. 21, the system may enter any one 

conjunction with the operational states of module 214, of a number 0 f operational states as a result of a number of 

various predetermined data are suitably stored and retrieved 4Q predicate instructions. More particularly, the system may 

in data sectors 1804-1836 during operation of module 214. entef certain operationa j states as controlled by the execut- 

With continued reference to FIG. 19, the operating code able res ident within sector 1904 of ROM 1902. In 

(operational program) which controls the operation of mod- addition, the system may enter certain operational states as 

ule 214 is suitably stored in a first sector 1904 in ROM 1902. a result of comman d s received from PC 110, as set forth in 

Moreover, various interrupt sectors, useful in the operation 45 morc detail m conjunction with FIG. 23. 

of module 214 are suitably stored in a second sector 1906 Referring now to FIG. 23, PC 110 from time to time sends 

within ROM 1902. interrupt commands to module 214 via connector 212 (step 

Referring now to FIG. 20, EEPROM memory map 2002 2302). 

suitably comprises non-volatile memory for use in storing rj pon receipt of a PC interrupt, the interrupt data packet 

encryption keys associated with the encryption algorithm 50 received from PC 110 is suitably stored in sector 1808 of 

employed in the context of the present invention to encrypt ram 1802 (step 2304). The system then determines if the 

confidential data. More particularly, EEPROM 2002 suit- complete message (interrupt data packet) was received from 

ably comprises a first sector 2004 corresponding to future pc HO; if not, the system returns to main loop 2100. If a 

encryption keys, a second sector 2006 corresponding to the complete message is received at module 214, the system 

serial number of the initial encryption key and a third sector 55 determines if the data corresponds to a command instruction 

2008 corresponding to an encryption counter. In accordance or whether the message corresponds to other than a com- 

with one aspect of the present invention, any suitable mand instruction (step 2308). 

encryption algorithm may be employed by module 214, If the message corresponds to data other than a command 

module 300, or PC 110 in the context of the present instruction, the message is suitably stored in data output 

invention which provides adequate security against unau- 60 buffer 1810 of RAM 1802 (step 2310), for subsequent 

thorized detection of the underlying confidential data. processing, e.g., modem transmission to host computer 102. 

Referring now to FIGS. 21-38, the operation of system Thereafter, the contents of PC interface temporary buffer 

100, and particularly the operational states of module 214, 1808 are reset to empty (step 2320), then the system again 

will now be described. returns to its pre-interrupt state (step 2322). 

With particular reference to FIG. 21, upon powering up of 65 Returning now to step 2308 of FIG. 23, if the data 

module 214, a reset signal is applied to reset port 1310 of received is a command instruction, the system determines if 

processor 1212 (step 2102). the command instruction corresponds to a mode change 
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(step 2312). If not, the data is stored in command register The system detects whether a subsequent mode change 

1812 of RAM 1802 for possible subsequent use within the command has been received (step 2504); if so, the system 

then current mode (step 2316); the system then proceeds to returns to system redirect step 2104. If no mode change has 

step 2320, as described above. If the message received from occurred, module 214 waits until a keypress is detected (step 

PC 110 corresponds to a mode change command ("yes" S 2506) or, alternatively, until a mode change is detected (step 

branch from step 2312), the then current mode is written into 2504). 

previous mode register 1806 (step 2314), and the newly More particularly, processor 1212 scans ports pb0-^)b3 

received mode is written into current mode register 1804 of and ports pe0-pe2 (see FIG. 13) corresponding to rows 1-4 

RAM 1802 (step 2318). The system then proceeds to step and columns 1-3 of keypad 1102, respectively (see FIG. 14). 

2320, as described above. 10 When a keypress is detected, the system determines if the 

With continued reference to FIG. 21, upon receipt of a depressed key corresponds to one of the numbers 0-9 (step 

message from PC 110, processor 1212 interrogates current 2508); if so, module 214 suitably sends a signal to PC 110 

mode register 1804 and, in accordance with the contents of to cause a "dummy" indicia of the depressed key to screen 

register 1804, answers the appropriate operational mode 202 (FIG. 2). 

from main loop 2100. In the context of start up operation, the 15 More particularly, the operational program stored in sec- 
system is suitably configured to enter transparent mode (step tor 1904 of ROM 1902 (FIG. 19) of processor 1212 suitably 
2110). includes an operating code which permits module 214 to 

Referring now to FIG. 24, transparent mode 2110, just as communicate with PC 110 in a manner which emulates the 
with various other operational modes described below, manner in which conventional keyboards (e.g., keyboard 
determines whether a subsequent mode change has been 20 206) typically communicate with box 204. In a preferred 
received since entering transparent mode 2110 (step 2402). embodiment of the present invention, the operating code 
If a mode change is received, the system enters the system governing the operation of module 214 is suitably config- 
redirect state (step 2106); (see also FIG. 21) and enters the ured in accordance with any suitable protocol, for example 
newly selected mode. If a mode change has not occurred, the protocol employed by IBM in its PCs or any other 
processor 2112 interrogates previous made register 1806 to 25 suitable derivative or variant thereof, to thereby permit 
determine if the previous mode corresponds to transparent module 214 to communicate with box 204 in a manner 
mode (step 2404). If the previous mode corresponds to which emulates conventional communication between key- 
transparent mode, the system proceeds to step 2410. If the board 206 and box 204, data transmission and other corn- 
previous mode was not transparent mode, the system com- munication between module 214 and box 204 may be 
mands the keyboard to clear its internal buffers and to set 30 conveniently and efficiently carried out in a manner which is 
previous mode register 1806 to transparent (step 2408). essentially transparent to box 204; that is, when box 204 
More particularly, if the previous mode was not transparent receives data and/or information from module 214, box 204 
mode, it is possible that spurious keystrokes may have been interprets the data just as though box 204 had received it 
entered into keyboard 206, which keyboard data may be from keyboard 206. Similarly, when box 204 transmits data 
stored in buffers internal to keyboard 206 and not shown in 35 and/or information which is received by module 214, box 
FIG. 2. In order to prevent data corresponding to these 204 configures the data/information packages in the same 
spurious keystrokes from being transmitted to PC 110, the manner in which box 204 would normally configure the data 
keyboard internal buffers are cleared (step 2408). Thereafter, for receipt by keyboard 206. By leveraging presently known 
the system enables the interface between keyboard 206 and data transmission protocols in this manner, module 214 may 
PC 110 (step 2410). 40 be conveniently interposed in series between the keyboard 

More particularly, and with reference to FIGS. 12, 13, and and the keyboard port on the PC of essentially all PCs which 

15, step 2410 of FIG. 24 suitably entails processor 1212 comport with industry recognized protocol schemes, 

generating a buffer enable signal at port pb4, and transmit- With continued reference to FIG. 25, if a keypress cor- 

ting the buffer enable signal to control gate (switch) 1222. In responds to a 0 through 9, the system waits until the key is 

response, internal switches a-d of switch 1222 are closed, 45 released (step 2518) before capturing the data. In this way, 

establishing direct communication between PC 110 and the system desirably avoids capturing repetitive data which 

keyboard 206 through connector 212, bus 1218, switch may often be generated by many key pads which are 

1222, bus 1219, and connector 210. Thereafter, the system specifically configured to continuously generate repetitive 

continues to cycle through transparent mode 2110, permit- keystroke data when a particular key is held down by the 

ting normal operation of keyboard 206 with respect to PC 50 user. 

110. The system will continue to cycle through transparent Return now to step 2508, if the keypress was not a 0 

mode 2110 until a subsequent message is received from PC through 9, the system determines if the keypress corre- 

110. sponds to an "Enter'* (step 2512); if so, a message corre- 

Re turning now to FIG. 21, the system may also receive a sponding to an "Enter" command is transmitted from mod- 
command to enter scan mode (step 2112), for example in 55 ule 214 to PC 110 (step 2514), indicating that entry of the 
response to a scan mode request from PC 110 (see step 806, confidential data (e.g., PIN) is complete. If, on the other 
FIG. 8), whereupon processor 1212 causes module 214 to hand, the keypress does not correspond to an "Enter", the 
enter the scan mode of operation (step 2114). system determines the identity of the keypress. In the 

More particularly and referring now to FIG. 25 (scan context of the illustrated embodiment, If the keypress does 

mode 2114) generally involves "scanning 1 ' the circuitry 60 not correspond to a 0 through 9, and further does not 

associated with keypad 1102 (FIG. 14) to detect data (e.g., correspond to an "Enter", the system concludes that the 

PIN) entered into keypad 1102 by the user. keypress corresponds to a "Cancel" (step 2516). Thus, 

With continued reference to FIG. 25, scan mode operation module 214 transmits a message to PC 110 indicating that 

involves, inter alia, initializing PIN entry buffer 1814 of entry of the confidential data has been canceled by the user. 

RAM 1802 to empty (step 2502), to prepare the PIN buffer 65 Upon release of the depressed key by the user (step 2518), 

to receive data which is about to be entered onto keypad the system determines if the keypress corresponds to a 0 

1102 by the user. through 9 (step 2520); if so, the particular numeric keypress 
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is suitably stored in PIN entry buffer 1814 of RAM 1802 
(step 2524), and the system returns to step 2504 to await the 
next keypress. 

If the keypress corresponds to a "Cancel" (step 2522), the 
systems restores PIN entry buffer 1814 to empty (step 2528) 
and returns to step 2504 to await either a mode change or a 
subsequent keypress. 

If the keypress corresponds to an "Enter" ("yes" branch of 
step 2522), module 214 suitably encrypts the data stored in 
PIN enter buffer 1814 (step 2526), as discussed in greater 
detail below in conjunction with FIG. 26. 

Although the illustrated embodiment is described in the 
context of numeric (i.e., "0" through "9") PIN data, it will 
be appreciated that the confidential data entered into module 
214 may be of any suitable form, e.g., numeric, alpha, 
alphanumeric, ASCII, binary, or any other suitable modality. 

Referring now to FIG. 26, the encryption operation 2526 
suitably proceeds as follows. Once tie confidential data 
(e.g., PIN) is entered onto keypad 1102 by the user, proces- 
sor 1212 retrieves the data from personal account number 
register 1818 of RAM 1802 and the PIN from buffer 1814 
(step 2602). These data, alone or in conjunction with other 
data, are suitably combined and encrypted in any suitable 
matter (step 2602). In a preferred embodiment, these data 
may be suitably combined in accordance with ANSI speci- 
fication X9 .24 -1992. The data is suitably encrypted in accor- 
dance with ANSI standard X3.92-1981 or any other desired 
encryption technique. More particularly, the foregoing com- 
bination and encryption algorithms are desirably resident in 
operational program sector 1904 of ROM 1902, and operate 
in conjunction with encryption key information suitably 
stored in EEPROM 2002 (see FIGS. 19 and 20). By storing 
the encryption key data in nonvolatile memory (i.e., 
EEPROM), system integrity and security is enhanced. 

With continued reference to FIG. 26, upon encrypting the 
data in accordance with step 2602, the encrypted data is 
suitably written into the next successive location in 
encrypted PIN sector 1816 of RAM 1802 (step 2604). 
Thereafter, the address corresponding to the location in 
sector 1816 wherein the encrypted data is written is trans- 
mitted to PC 110 (step 2606). More particularly, and with 
momentary reference to FIG. 2, once the data is encrypted 
within module 214, the location of the encrypted data is 
transmitted to PC 110 via connector 212, such that unen- 
crypted confidential data need not be transmitted from 
module 214 to PC 110 in order to effect a transaction. 

After encrypting the data, processor 1212 suitably creates 
a new unique key for use in a subsequent encryption process 
and stores the new key in future encryption key sector 2004 
of EEPROM 2002 (step 2608). In accordance with one 
aspect of the present invention, the new encryption key may 
be generated in accordance with any suitable scheme which 
is compatible with the encryption algorithm executed in step 
2602. In accordance with a preferred embodiment, a new 
unique encryption key may be generated in accordance with 
ANSI X9.24-1992. 

Upon transmitting indicia of the encrypted data from 
module 214 to PC 110, PC 110 continues to execute the 
application program residence therein, as described above in 
detail in connection with FIGS. 4-10. 

Returning now to the main control loop 2100 of module 
214 (FIG. 21), module 214 may also elect to enter card 
swipe mode 2118 (step 2116). More particularly, and with 
momentary reference to FIG. 7, PC 110 may request module 
214 to enter the card swipe operational mode, for example 
at a point during the execution of the application software 
resident in PC 110 where such application software prompts 
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the user to swipe his transaction card through card swipe slot 
1104 of module 214 (FIG. 11), for example as discussed 
above in connection with step 716. 

Referring now to FIG. 27, upon entering the swipe 

5 operational mode, processor 212 suitably initializes (clears) 
respective swipe data input buffers 1820, 1822 of RAM 
1802 (step 2702). The system then looks for a mode change 
(step 2704), and returns to system redirect state 2106 if a 
mode change is detected. Otherwise, the system sets a swipe 

10 timeout counter to a predetermined maxtime during which 
the transaction must engage the card reader (step 2706). In 
a preferred embodiment, the predetermined value of this 
maxtime, on the order of 15 seconds, is suitably stored in 
swipe time-out register 1824, of RAM 1802. 

15 The time-out counter is successively decremented (step 
2708) until the software timer resident in sector 1824 
reaches zero (step 2710), whereupon the data then resident 
in buffers 1820, 1822 are transmitted to PC 110 (step 2714). 
Alternatively, rather than waiting until the maxtime counter 

20 counts down to zero, the "swiped" data may be transmitted 
to PC 110 when processor 1212 determines that respective 
input buffers 1820, 1822 are full (step 2712). 

Upon the first to occur of the timing out of these swipe 
timeout timer (step 2710) or a detection that the swipe input 

25 buffers are full (step 2712), the data within card swipe 
buffers 1820, 1822 are transmitted to PC 110 (step 2714). 

With momentary reference to FIGS. 12 and 16-17, recall 
that magnetic 15 strip reader circuit 1206 "reads" the data 
from the magnetic strip on a transaction card through 

30 magnetic head reader 1602 (or magnetic head readers 1603 
(a), 1603 (b) in FIG. 17) whereupon reader circuit 1206 
applies an output signal (corresponding to one or both of "ch 
1 swipe" and "ch 2 swipe") to ports paO and pal of processor 
1212, respectively, as discussed in detail above. 

35 More particularly and with reference to FIGS. 16 and 28, 
as a transaction card bearing a magnetic strip is drawn 
through card reader slot 1104 (see FIG. 11), magnetic reader 
head 1602 outputs alternating high and low voltage levels 
corresponding to the data encoded on the magnetic strip. 

40 Upon the detection of a first output level from schmidt 
trigger 1612, for example a logic high value, a hardware 
timer (not shown) resident in processor 1212 is stopped, and 
the time at which this timer is stopped is suitably saved in 
swipe timer register 1826 of RAM 1802 (see FIG. 18) (step 

45 2802). The card swipe timer is again reset to zero and 
restarted, awaiting the detection of a next predetermined 
voltage level from schmidt trigger 1612 (step 2802). 

In conjunction with the timer data retrieved in step 2802, 
processor 1212 determines if the output of schmidt trigger 

50 1612 corresponds to a predetermined logic state (e.g., a zero 
or a one) (step 2804). This logic data may then be stored in 
successive bit locations in the appropriate swipe input buffer 
(e.g., buffer 1820, 1822) (step 2804). The system then 
determines if the swipe input buffer(s) is full (step 2806). If 

55 the swipe input buffer is full, a buffer full flag is suitably set 
in swipe buffer full flag register 1828 of RAM 1802 (FIG. 
18) (step 2808), which permits processor 1212 to determine 
when the swipe input buffer(s) is full (see step 2712, FIG. 
27). 

60 Returning now to step 2806 of FIG. 28, if the swipe input 
buffers) is not full, the aforementioned software timer is 
reset to a maximum bit interval value (step 2810), and the 
process returns (step 2812) to the point at which it left the 
process set forth in FIG. 27, whereupon the process of FIG. 

65 28 is repeated on a bit-by-bit interrupt basis until all the 
appropriate data is "read" from the magnetic strip on the 
transaction card. Note, however, that the entire process of 
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accumulating the card swipe data occurs in a very short 
period of time, for example ten milliseconds to one second, 
as a card is drawn through card reader slot 1104 (FIG. 11). 

Returning now to FIG. 21, module 214 is also configured 
to enter print mode 2122 from main loop 2100 (step 2120) 
for example upon a request to do so from PC 110 (see step 
816, FIG. 8). 

Referring now to FIG. 29, print operation mode 2122 
suitably entails initializing the printer (step 2902), for 
example to establish various hardware and software param- 
eters associated with the printing process. In this regard, and 
as briefly discussed above, the printer may be affiliated with 
PC 110, for example by connecting a printer directly to box 
204, or by connecting the printer to PC 110 via a suitable 
networking configuration. Alternatively, the printer may 
interface directly with the encryption module, for example at 
connector 310 of module 300 (FIG. 3 or, alternatively, at 
peripheral device module 1200 of module 214 as shown in 
FIG. 12). 

With continued reference to FIG. 29, the system deter- 
mines if a mode change has occurred (step 2904) and, if so, 
returns to system redirect step 2906. 

The system then determines if the data to be printed is 
currently available, for example by interrogating data output 
buffer 1810 (FIG. 18) (step 2908). If the data is not available, 
the system returns to step 2902 to await the data to be 
printed. If the data is available ("yes" branch of step 2908), 
the system determines if the printer is ready (step 2930). In 
this regard, the printer to be checked will likely be connected 
to module 214, inasmuch as it would not typically be 
necessary to execute print operation 2122 if the printer were 
connected to PC 110. Stated another way, if PC 110 is 
equipped with a printer, the print operation may be con- 
trolled directly by PC 110, while the print operation as set 
forth in FIG. 29 is appropriately controlled by module 214 
if the printer employed in the context of the present inven- 
tion is interfaced with module 214. 

With continued reference to FIG. 29, if the printer is not 
ready, module 214 suitably sends a command to the PC 
indicating that the printer associated with module 214 is not 
ready. In this regard, PC 110 may prompt the user to correct 
the printer situation, for example as described above in 
conjunction with FIG. 7. 

If the printer associated with module 214 is ready, the data 
resident in data output buffer 1810 is transmitted to the 
printer, for example via serial bus 1211 (see FIG. 12). In 
accordance with the preferred embodiment, the data to be 
printed is transmitted to the printer in serial fashion; hence, 
the process set forth in FIG, 29 is desirably repeated until the 
data present in data output buffer 1810 is sequentially 
transmitted to the printer. 

Returning now to main loop 2100 (FIG. 21) and with 
reference to FIG. 30, module 214 is suitably configured to 
enter modem mode 2126 (step 2124), for example in 
response to a request to do so from, PC 110 (see step 710, 
FIG. 7). 

As briefly discussed above, the present invention may be 
configured to transmit data and information from PC 110 to 
host computer 102 in any convenient manner, for example 
via a modem associated with PC 110 or, alternatively, 
modem 1202 associated with module 214 (or modem con- 
nector 308 associated with module 300; FIG. 3). If data is 
transmitted from PC 110 via a modem associated with PC 
110, it would not generally be necessary for module 214 to 
execute modem operation 2126; rather, the modem opera- 
tion may be effectively carried out by PC 110. If, on the other 
hand, modem operation is to be effected through a modem 
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interfaced with module 214, it may be particularly, advan- 
tageous for processor 1212 to control the modem operation. 

With continued reference to FIG. 30, modem operation 
2126 suitably (entails an initialization of modem 1202 (step 

5 3002). module 214 then determines if a mode change has 
occurred (step 3004) and, if so, the system returns to system 
redirect 2106. If a mode change has not occurred, the system 
determines if data output buffer 1810 contains the data to be 
transmitted via modem (step 3006). If the data is not resident 
in buffer 1810, the system returns to step 3004 and continues 
cycling between steps 3004 and 3006 until the data is written 
into buffer 1810 or until a mode change occurs. 

When data output buffer 1810 contains the appropriate 
data to be transmitted via modem, processor 1212 retrieves 
the data from output 1810 and transmits the data via modem 

35 to host computer 102 (step 3008). When it is desired for 
module 214 to receive data via modem, for example from 
host computer 102, processor 1212 may be suitably config- 
ured to retrieve the data from modem 1202, for example at 
modem interrupt port pa2. 

20 Referring now to FIG. 31, PC 110 suitably transmits a 
request to module 214 to transmit data via the modem 
connected to module 214. More particularly, a modem 
interrupt message is applied to port pa2 of module 1212 by 
modem 1202. Module 214 then determines if the message 

25 corresponds to a "data received" interrupt (step 3102) or a 
modem transmit interrupt (step 3104). If a data received 
interrupt occurs ("yes" branch of step 3102), indicating that 
data has been received at modem 1202, the data received at 
modem 1202 is retrieved by processor 1212 and transmitted 

30 to the PC via connector 212 (step 3106). 

If the modem interrupt message corresponds to a modem 
transmit request (step 3104), processor 1212 retrieves the 
data to be transmitted from buffer 1810 and applies the data, 
for example on a byte-by-byte basis, to modem 1202 (step 

35 3108). 

If the modem interrupt corresponds to neither a data 
received or a data transmit message, an error message is 
suitably sent to the PC (step 3110). 

After data which is received at modem 1202 is retrieved 

40 and sent to PC 110 (step 3106), and after data is sent by 
processor 1212 from buffer 1810 to modem 1202 (step 
3108), the system returns (step 3112) to the low level 
process of FIG. 30, and the process is repeated for each 
successive interrupt generated by modem 1202. 

45 Referring now to FIGS. 21 and 32, module 214 may be 
suitably configured to enter bar code operational mode 2130 
(step 2128), for example in response to a request to do so 
from PC 110, Bar code operation 2130 suitably entails 
determining whether a mode change has occurred (step 

50 3302) and, if so, returning to system redirect step 2106. If a 
mode change has not occurred, data may be input from a 
general purpose module 1210, for example a bar code reader 
(step 3204). Once the bar code or other data is received by 
module 214, it may be appropriately transmitted to PC 110, 

55 as desired (step 3206). 

Referring now to FIGS. 21 and 33, module 214 may be 
suitably, configured to execute a smart card operation 2134 
(step 2132), for example in response to a request from PC 
110 to do so. In this regard, although many of the various 

60 functional features associated with module 214 (e.g., 
modem operation 2126, print operation 2122, swipe opera- 
tion 2118, and the like) are initiated in response to a request 
from PC 110 in accordance with the embodiment described 
herein, it will be appreciated that the various operational 

65 states of module 214 may suitably be effected in any desired 
manner, for example by entering appropriate commands 
directly into module 214. 
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With continued referenced to FIG. 33, smart card mode 
2134 suitably entails determining whether a mode change 
has occurred (step 3302) and, if so, returning to system 
redirect step 2106. 

If no mode change has occurred, the system determines if 
data is to be read from a smart card (step 3304). In this 
regard, and as briefly stated above, such a request may come 
from PC 110, or may be otherwise effected by the user, for 
example by entering a particular code or depressing other 
buttons (not shown) onto keypad 1102 (FIG. 11). 

If data is to be read from a smart card ("yes" branch of 
step 3304), data is retrieved by processor 1212, for example 
via smart card, reader 1208 (FIG. 12). Upon retrieving the 
data from the smart card, the data may be transmitted to PC 
110 (step 3306). 

As discussed above, module 214 may also be configured 
to write data into a smart card. In this case, the appropriate 
data to be written into the smart card may be suitably 
retrieved from data output buffer 1810 and applied to smart 
card circuit 1208 (steps 3308, 3310). 

Referring now to FIGS. 21 and 34, module 214 in the PC 
application software discussed above in conjunction with 
FIGS. 4-10 may be suitably configured such that the appli- 
cation software resident in PC 110 must first validate module 
214 before permitting the transmission of encrypted data or 
otherwise performing functions described herein. More 
particularly, in view of the importance of maintaining secu- 
rity in the context of real time funds transfer authorization, 
it may be desirable to permit PC 110 (e.g., through software) 
to confirm that module 214 embodies satisfactory security 
features before effecting transactions. 

With continued reference to FIGS. 21 and 34, module 214 
may be suitably configured to enter a system validation 
mode 2138 (step 2136), for example in response to a request 
from the user or from PC 110 to do so. System validation 
mode 2138 entails, inter alia, a determination of whether a 
mode change has occurred (step 3402) and, if so, the system 
may be configured to return to system redirect step 2106. 

Module 214 may then be configured to receive and/or 
retrieve validation data from PC 110, which validation data 
either confirms that the application software running on PC 
110 is compatible with module 214; alternatively, the vali- 
dation data may permit module 214 to run a self-check to 
determine if adequate security mechanisms are in place. 
Module 214 may then confirm that it is compatible with the 
software resident on PC 110 (step 3406). If the system 
determines that either module 214 or the application pro- 
gram running on PC 110 are not "valid" according to 
predetermined validation criteria, module 214 may be con- 
figured to either disable itself or to disable the software 
running on PC 110 step 3408). 

Referring now to FIGS. 21 and 35, module 214 may 
suitably be configured to execute a bit operation 2142 (step 
2140), for example in response to a request from PC 110 or 
the user to do so. 

Bit operation 2142 suitably determines if a mode change 
has occurred (step 3502) and, if so, returns the system to 
system redirect step 2106. If a mode change has not 
occurred, module 214 may execute any number of built-in 
tests (bits) (step 3504), for example testing various data 
transmission and retrieval processes, testing the presence 
and/or functionality of various peripheral devices, or execut- 
ing the various wraparound and/or auditing facilities set 
forth in FIG. 1. 

From time to time during the operation of PC 110, it may 
be desirable to transmit encrypted data from module 214 to 
PC 110. With continued reference to FIG. 21 and referring 
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also to FIG. 36, module 214 may thus be configures to 
selectively enter retrieval mode 2146 (step 2144), for 
example in response to a request to do so from the user or 
from PC 110. 

5 Retrieval mode 2146 suitably entails, inter alia, determin- 
ing whether a mode change has occurred (step 3602) and, if 
so, returning the system to system redirect step 2106. If a 
mode change has not occurred, indicating that the system 
remains in retrieval mode, module 214 waits for a request 

10 from PC 110 for the encrypted data, which request may 
include the address in sector 1816 of RAM 1802 (FIG. 18) 
where the desired encrypted data is stored (step 3604). Upon 
receipt of a request from PC 110 to transmit encrypted data, 
module 214 retrieves the encrypted data from an appropriate 

15 location in memory (e.g., encrypted PIN holding area 1816), 
and sends the encrypted data to PC 110 (step 3606). Upon 
doing so, processor 1212 may suitably reset encrypted PIN 
holding area 1816 back to empty. 

Referring now to FIGS. 37-39, various alternate embodi- 

20 ments of an encryption module in accordance with the 
present invention are illustrated. In connection with the 
embodiments shown in FIGS. 37-39, the concept of an 
encryption module is expanded to include an encryption 
module configured to be interposed between a PC and 

25 virtually any modality for inputting data to be encrypted, for 
example a keypad for manually entering confidential data, a 
serial port for receiving confidential data from virtually any 
electronic source, a smart card (or ICC) reader, a magnetic 
stripe reader, a bar code reader, a voice recognition circuit, 

30 an IRIS scanner, a finger print reader, thumb print reader, or 
palm print reader, a text scanner, or virtually any other type 
of input device. In this regard, it will be appreciated that the 
various input devices or hardware may be either integral 
with the encryption module (i.e., formed as a unitary con- 

35 struction with the encryption module), or the input devices 
may be connected to the encryption module via any secure 
medium. For example, the data input device may be con- 
nected to the encryption module via a hard wired commu- 
nication link, an infrared (IR) connection, a radio frequency 

40 (RF) coupled connection, or the like. 

In accordance with a preferred embodiment, it is desirable 
to isolate the communications link (either a hard wired link 
or otherwise) through which the data to be encrypted travels 
from the data acquisition device to the encryption module, 

45 on the one hand, from the generally non-propriety data 
communications bus (e.g, universal serial bus (USB)) which 
may facilitate communication between, inter alia, the 
encryption module and the PC. In this way, the unencrypted 
data remains isolated from the PC, rendering it nearly 

50 impossible to capture the unencrypted data from a modem or 
other device which may interface with the PC and which is 
not authorized to capture the unencrypted data. In the 
embodiment shown in FIGS. 37-39, it may also be desirable 
to configure the encryption module to receive confidential 

55 data from a remote source, for example from a credit card or 
a financial transaction authorization host computer, via 
telephonic, cable or RF link. In accordance with yet a further 
embodiment of the invention as illustrated in FIGS. 37-39, 
it may be desirable to configure the encryption module to 

60 communicate with one or more destinations for transmitting 
encrypted data, for example to a CRT, LCD or LED monitor, 
a credit card or financial transaction authorization host, a 
printer, or to another PC. 

Finally, it may be desirable to configure the encryption 

65 module to capture confidential data or information, and to 
transmit the unencrypted data to a local or remote destina- 
tion via a proprietary or otherwise secure communications 
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link; as an example, the encryption module may be config- 
ured to capture confidential data from, for example, a smart 
card (ICC), and to transmit that data to a local printer, 
computer, or other device for printing or viewing, i.e., by 
converting the unencrypted data from a smart card, 
keyboard, etc. into an encrypted insignia, for example, a 
two-dimensional bar code, or the like. This application may 
be particularly useful in the context of printing an insignia, 
wherein it is desirable to capture non-encrypted data, trans- 
form that data into encrypted printable data, e.g. (graphic, 
character, bar code) and then transmit the encrypted print- 
able data, to a printer, for example, to create a redeemable 
coupon, admittance ticket or postage. 

Finally, FIGS. 37-39 further illustrate applications of the 
subject encryption module wherein the module is equipped 
to receive encrypted e-mail or other text data online, and to 
thereafter decrypt the information, for example to display 
information (e.g., on the associated PC) in a secure, off-line 
manner. 

In this regard, the encryption module will protect the 
confidential but non-encrypted data from being intercepted 
by unauthorized persons that may be monitoring the unse- 
cure communications bus (e.g., USB, IEEE1394, or ADB). 
Referring now to FIGS. 37A-C, an encryption module 3702 
is suitably generally analogous in function to that described 
in conjunction with FIGS. 1-36. In particular, encryption 
module 3702 suitably includes circuitry for encrypting (and/ 
or decrypting) confidential data and information, for 
example by using encryption algorithms, techniques, keys, 
and the like which are resident within non-volatile ROM 
(i.e., EEPROM) or other secure data storage device com- 
prising module 3702; alternatively, encryption module 3702 
may be configured to receive encryption algorithms, 
techniques, and the like from a remote source, as discussed 
in greater detail below. 

With particular reference to FIG, 37A, encryption module 
3702 is suitably configured with a connector 3704 for 
interfacing module 3702 with a desktop PC, a laptop PC, or 
virtually any other type of computer or communications 
device. In particular, a communications link 3704, for 
example an RS/232 compatible link is configured to inter- 
face with the serial port of a PC or laptop computer. 
Inasmuch as this type of serial port typically communicates 
with a general PC databus (e.g., the PC's USB), it is 
desirable to ensure that the confidential data is first 
encrypted by module 3702 before being transmitted along 
link 3704 to the PC. Moreover, as briefly discussed above 
and as discussed in greater detail below, the data to be 
encrypted may be acquired by module 3702 in virtually any 
desired manner, for example through the use of a data 
acquisition device which is integral with module 3702 or, 
alternatively, by way of a data acquisition device which is 
connected to module 3702. In either case, the data to be 
encrypted may be acquired in virtually any manner, for 
example through the use of a PIN pad, keyboard, voice 
recognition circuit, scanner, magnetic stripe reader, smart 
card reader, external serial port (which can be the same as or 
different from the port to which link 3704 is connected), or 
the like. 

The present invention also contemplates embodiments 
wherein module 3702 comprises a PC peripheral device, for 
example a keyboard, mouse, scanner, pin pad, or other 
hardware device which may contain encryption capability. 

With continued reference to FIG. 37, module 3702 (and 
particularly as shown in FIG. 37 A) may be configured for 
connection to a keyboard port (e.g., a PS/2 port) of a 
conventional laptop computer, for example via communica- 
tions link 3704. 
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Referring now to FIG. 37B, module 3702 may suitably be 
equipped with one or more PC connectors 3706 and/or one 
or more of peripheral device connectors 3708. In accordance 
with a particularly preferred embodiment, connector 3706 

s may suitably be employed to connect encryption module 
3702 to a keyboard-type port on a conventional desktop 
and/or laptop computer, for example a PS/2 port, ADB port, 
parallel port, USB port, IEEE488-type port, or the like. In 
this regard, if the encryption module is connected to the 

10 "keyboard" port of a laptop which already comprises an 
integral keyboard, it may not be necessary to connect 
communications link 3708 to any other device; indeed, it 
may be desirable to omit connector 3708 from the device 
entirely. In accordance with a further embodiment, even in 

15 situations where the encryption module is connected to the 
keyboard port of a laptop device via connector 3706, it may 
nonetheless be desirable to connect the encryption module to 
a supplemental keyboard via connector 3708, as desired. In 
accordance with an alternate preferred embodiment, the 

20 device shown in FIG. 37B may be serially interposed 
between a keyboard port (via connector 3706) and a periph- 
eral device (including but not limited to a keyboard) via 
connector 3708, for example in the context of a conventional 
desktop computer. With continued reference to FIG. 37B, 

25 whether in the context of a desktop or a laptop computer, 
connector 3708 may facilitate the interaction between 
encryption module 3702 and virtually any type of device for 
inputting confidential data, as described above. 

Referring now to FIG. 37 C, an exemplary encryption 

30 module 3702 is suitably equipped to interface with a USB 
bus, an IEEE1394 firewire bus, or other general purpose bus 
of a PC via a connection 3710. For a more thorough 
discussion of general purpose PC bus specifications, see, 
Universal Serial Bus Specification, produced by Compact, 

35 Digital Equipment Corporation, IBM PC Company, Intel, 
Microsoft, and Northern Telecom, rev. 9, dated Mar. 31, 
1995 and subsequent revisions; see also, Guide to the 
Macintosh Family Hardware, by Apple Computer Inc., 2nd 
Ed. The entire disclosure of the foregoing documents are 

40 hereby incorporated herein by this reference. 

More particularly, although the module shown in FIG. 
37C may also be equipped with a "keyboard" or serial-type 
connector as shown in FIGS. 37A and B, a module is 
separately set forth in FIG. 37C for attachment to USB or 

45 IEEE1394 (firewire)-type buses to underscore the flexibility 
of the various attachment modalities available for encryption 
module 3702. With continued reference to FIG. 37 C, respec- 
tive input connections 3712, 3714, and 3716 may be 
employed to attach the encryption module with one or more 

50 external devices, for example integral or remote data acqui- 
sition devices, RF and IR couplers to printers, display 
devices, and the like. Of course, one or more of these 
connections could also be employed in conjunction with the 
embodiments shown in FIGS. 37A and B. One or more of 

55 connections 3712-3716 may also employ USBor firewire - 
type protocols; however, it may be advantageous to employ 
"protected" protocols for the non-encrypted inputs. 

Referring now to FIG. 38, a peripheral device 3802 
suitably comprises a PC peripheral, for example a PIN pad, 

60 keyboard, mouse, or similar data input device or, 
alternatively, module 3802 may suitably comprise a stand- 
alone encryption module, having one or more data input 
functions integral therewith and/or connectable thereto. The 
module schematically shown in FIG. 38 is a more general - 

65 ized version of the module shown in FIG. 37. In particular, 
module 3802 suitably comprises one or more connectors 
3810, 3812, 3814 or connection to one for more pieces of 
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hardware, for example a PC or ihe like. In addition, one or 
more of links 3810-3814 may be configured for connection 
to a high resolution video monitor using, for example, an 
IEEE 1394 "fire wire bus", or it may be configured for RF or 
IR communication with other systems. In addition, module 
3802 may suitably be configured to include one or more of 
respective connectors 3816, 3818, 3820 (and so on) for 
connection to one or more input peripherals (mouse, 
keyboard, scanner, voice input, etc.). In the context of the 
present invention, virtually any communication link may be 
employed, including any one or a combination of the fol- 
lowing: standard PC or other keyboard format; PS/2 format; 
Apple desktop bus (ADB); small computer system interface 
(SCSI); RS/232; parallel port; USB; IEEE1394 (fire wire); 
infrared; RF; fiber optics; PCMCIA; IDE; EIDE; SCSII; 
IEEE488, and the like. 

Referring now to FIG. 39, a more detailed schematic 
diagram of an exemplary encryption module or peripheral 
device analogous to that discussed in connection with FIGS. 
37 and 38 will now be described. 

An exemplary encryption module 3902 suitably 
comprises, in its simplest form, an acquisition input 3904 
and a PC connector 3926. As discussed above, acquisition 
input circuit 3904 may suitably include one or more data 
input modalities (e.g., ICC, keypad, magnetic stripe, and the 
like) which are integral with module 3902, connected to 
module 3902 either remotely or locally, or both. PC con- 
nection link 3926 is suitably configured to maintain com- 
munication between module 3902 and a desktop computer, 
laptop computer, notebook computer, or any other computer, 
peripheral, or other device to which it is desired to send 
encrypted data. Thus, connector 3926 may comprise an 
RS/232 connector, a PS/2 connector, a USB connector, an 
IEEE 1394 (fire wire) connector, or the like. 

Various essential components of module 3902 are omitted 
from the drawing for clarity, such as a processor or 
microcontroller, ROM for executing operating code, 
EEPROM for storing operating instructions, encryption 
software, and the like, RAM, power supply, and the like. 

With continued reference to FIG. 39, encryption module 
3902 also suitably includes an encryption engine 3924 to 
perform one or more different types of encryption (e.g., 
DES, RSA, elliptical curve public/private key management) 
using one or more encryption keys 3922 that are either 
resident and protected within encryption module 3902 (e.g., 
ROM, EEPROM) or which may be derived or retrieved by 
encryption module 3902, for example by communicating 
over one of the communication links associated with module 
3902 with a remote or local device connected to the module. 
In the case where the keys are resident and protected within 
module 3902, the module suitably includes means for pro- 
tecting the keys, for example, using interlocks which, when 
triggered by intruding or violating the device, will erase the 
contents of the volatile memory or otherwise destroy 
encryption keys 3922 or derivatives thereof. 

Encryption module 3902 may further comprise one or 
more exemplary connection links 3914, 3916, and 3918 (and 
so on) which may be connected to remote (or local) devices 
for receiving information, some of which may be desirably 
encrypted. In this way, confidential data may be obtained by 
module 3902, and manipulated, stored, or otherwise utilized 
by module 3902, in a secure (e.g., proprietary) environment. 
Moreover, some or all of the confidential data received by 
module 3902 may be encrypted, for example via encryption 
engine 3924, whereupon the encrypted data may be trans- 
mitted to a PC or other device via communication link 3926. 

In accordance with a further aspect of the present 
invention, additional communication links 3928, 3930, and 
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3932 may be provided to permit encrypted data to be 
transmitted to additional destinations. For example, it may 
be desirable to connect one of links 3928-3932 to a local or 
remote printer, for example to permit the printing of docu- 

5 ments (e.g., tickets to sporting events, concerts, and the like) 
which may comprise an encrypted portion, for example a 
two-dimensional bar code or other insignia. Alternatively, 
one or more of links 3928-3932 may be RF coupled, or 
connected in some other manner to an authorization network 

10 or other banking or related financial network, for example to 
permit module 3902 to obtain preauthorization or real-time 
authorization of a transaction while module 3902 is simul- 
taneously connected to a PC via communication link 3926. 
More particularly, module 3902 may be conveniently 

15 configured to communicate with a PC via communication 
link 3926. For example, while the user of a PC is connected 
to the Internet, reviewing various possible financial or other 
transactions, module 3902 may provide the ability to obtain 
transaction authorization while permitting the user of the PC 

20 connected via connector 3926 to remain on-line. For 
example, if the consumer is "shopping" on the Internet with 
his PC, and desires to effect a financial transaction, the 
consumer may obtain authorization for the transaction from 
a remote host via one of connectors 3928-3932. In this 

25 example, the remote host may prompt the user to input a PIN 
or other confidential piece of information, for example 
through an auxiliary speaker 3906, display 3908, or other 
device associated with module 3902. The user may then 
enter the confidential data through acquisition input circuit 

30 3904 or, alternatively, through one or more data input 
devices associated with connectors 3914—3918. Once the 
confidential data has been entered into module 3902, autho- 
rization for the transaction may be obtained, while main- 
taining a "fire wall" between the PC connected to connector 

35 3926 and the unencrypted data processed by module 3902. 
Once an authorization for the requested transaction has been 
obtained, that authorization number may be transmitted to 
the PC via connector 3926, and thereafter to the "merchant" 
with whom the consumer proposed to transact business on 

40 the Internet or other "shopping" environment. In accordance 
with a further aspect of this embodiment, the authorization 
number may be digitally signed by the remote host with its 
private encryption key prior to sending it to the encryption 
module. Accordingly, when the merchant receives the autho- 

45 rization number from the user via the encryption module, the 
merchant can authenticate the authorization number by 
checking or otherwise decrypting the digital signature. 

Alternatively, a user may desire to obtain digital cash, 
digitally signed documents, or other documents, data, or 

50 information which relate to a transaction or an application 
with which the user is involved. For example, while the user 
is operating his PC, which is connected to module 3902 via 
connector 3926, he may desire to contact a financial insti- 
tution or other entity via one of connectors 3928-3932 and 

55 perform the "encryption" function. For example, the user 
may enter data relating to a credit card account, bank 
account, or other data into acquisition input circuit 3904, and 
thereby retrieve digital coins or other encrypted data or 
information from a remote host, and thereafter use such 

60 encrypted data to perform an on-line or off-line transaction 
by transmitting the encrypted data to the PC, via encryption 
engine 3924, through connector 3926. In accordance with 
this aspect of the invention, the digital coins or other 
encrypted data may be stored in the encryption module or in 

65 a smart card for an unspecified amount of time prior to the 
user cashing in or otherwise using the digital money or other 
data. It will be appreciated that the foregoing examples may 
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be implemented via standard phone lines, modem hardware, 
RF couplers, LR coupling, data channels, or any other 
suitable modality. Indeed, it may be desirable to connect 
module 3902 to two or more PCs via links 3926-3932, 
wherein a first PC can be used to perform the on-line 5 
transaction, and the other PC may be used to obtain autho- 
rization. 

In addition, authorization, digital currency, and other data 
may be retrieved via a local or remote peripheral device or 
system which communicates with module 3902 on the 10 
"unencrypted" side of the software fire wall, i.e., via one of 
communication links 3914-3918, or through acquisition 
input circuit 3904. 

With continued reference to FIG. 39, a switch 3912 may 
suitably be employed to connect one or more of communi- is 
cation links 3914-3918, and acquisition input circuit 3904 to 
the PC via communication links 3926-3932. A suitable 
switch may also be employed to select one or more of 
communication links 3926-3932. Although the "switch" is 
schematically shown as a mechanical/electrical switch, it 20 
will be appreciated that virtually any type or combination of 
hardware, software, firmware, or hybrid switching and/or 
connecting modalities may be employed. 

With continued reference to FIG. 39, display 3908 may be 
conveniently employed to permit the user to review various 25 
data fields in "clear text" format to confirm the accuracy of 
a transaction. For example, the dollar amount of a transac- 
tion could be displayed on the display device 3908 before a 
purchase is made to ensure that the proper amount of the 
transaction has been entered. Indeed, virtually any data or 30 
information may be displayed by module 3902 in any 
convenient modality (e.g, display 3908, speaker 3906, or the 
like), even if that information is of a confidential nature, so 
long as the data is properly encrypted before being trans- 
mitted to the PC or other device via connection links 35 
3926-3932. In this way, the security of the confidential data 
prior to encryption is upheld, inasmuch as access from the 
PC to encryption module 3902 via communication links 
3914-3918 is quite difficult, if not impossible through 
known techniques. 40 

With continued reference to FIG. 39, a further embodi- 
ment of module 3902 suitably exhibits a "plug-and-play" 
capability. More particularly, software resident within mod- 
ule 3902 suitably includes a plurality of software drivers 
advantageously configured to identify and accommodate 45 
virtually any data input device, whether integral with or 
connected to module 3902, which may be employed with the 
module. In this way, off the shelf data acquisition devices 
(scanners, magnetic stripe readers, smart card readers, and 
the like) may be purchased separately from module 3902, so 
with the consumer enjoying the plug-and-play capability 
provided by the various software drivers which are prein- 
stalled into module 3902. 

Although the subject application has been described 
herein with reference to the appended drawing Figures, it 55 
will be appreciated that the scope of the invention is not so 
limited. Various modification in the design and implemen- 
tation of various components and method steps discussed 
herein may be made without departing from the spirit and 
scope of the invention, as set forth in the appended claims. 60 

I claim: 

1. A remote processing system, located at a first site, for 
interfacing with a host computer system located at a second 
site which is remote from said first site, the host computer 
system being of the type which includes a host modem and 65 
which is configured to facilitate financial transactions upon 
receipt from said remote processing system of a data packet 
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including an encrypted data field, said remote processing 
system comprising: 

a. a PC, comprising: 

(1) a first memory sector configured to store an inter- 
active software program; 

(2) a first processor configured to execute said software 
program; 

(3) an input port configured to communicate with said 
first processor; 

(4) a second modem configured to transmit said data 
packet from said PC to the host modem in accor- 
dance with said software program; and 

(5) a PC monitor having a two-dimensional, multi-line 
display; 

b. a PC keyboard and a second input device; 

c. an encryption module, configured to communicate with 
said second input device, connected in series between 
said PC keyboard and said input port, comprising: 

(1) an integral acquisition means; 

(2) a second processor configured to selectively encrypt 
data entered into said integral acquisition means and 
said second input device; and 

d. a data link configured to maintain communication 
between said encryption module and said PC input 
port. 

2. The remote processing system of claim 1, wherein said 
data link comprises a standard bi-directional interface bus. 

3. The remote processing system of claim 1, wherein said 
data link comprises an IR data link. 

4. A remote processing system, located at a first site, for 
interfacing with a host computer system located at a second 
site which is remote from said first site, the host computer 
system being of the type which includes a host modem and 
which is configured to facilitate financial transactions upon 
receipt from said remote processing system of a data packet 
including an encrypted data field, said remote processing 
system comprising: 

a. a PC, comprising: 

(1) a first memory sector configured to store an inter- 
active software program; 

(2) a first processor configured to execute said software 
program; 

(3) an input port configured to communicate with said 
first processor; 

(4) a second modem configured to transmit said data 
packet from said PC to the host modem in accor- 
dance with said software program; and 

(5) a PC monitor having a two-dimensional, multi-line 
display; 

(6) a PC keyboard; 

b. a second input device for receiving input data; 

c. an encryption module comprising: 

(1) acquisition input means for receiving input data; 

(2) an input port configured to interface with said 
second input device; and 

(3) a processor adapted to selectively encrypt said input 
data received from said acquisition input means and 
said second input device; 

d. a data link configured to maintain communication 
between said encryption module and said PC input 
port. 

5. The remote processing system of claim 4, wherein said 
acquisition input means comprises an alphanumeric keypad. 

6. The remote processing system of claim 4, wherein said 
acquisition input means comprises an apparatus configured 
to acquire biometric data. 
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7. The remote processing system of claim 4, wherein said 
acquisition input means comprises a magnetic stripe card 
reader. 

8. The remote processing system of claim 4, wherein said 
acquisition input means comprises a smartcard reader. 

9. The remote processing system of claim 4, wherein said 
input port is configured to interface with a PC mouse. 

10. The remote processing system of claim 4, wherein 
said input port is configured to interface with an integrated 
circuit card reader. 

11. The remote processing system of claim 4, wherein said 
input port is configured to interface with a means for 
scanning graphical codes. 

12. The remote processing system of claim 4, wherein 
said input port is configured to interface with a magnetic 
stripe card reader. 

13. The remote processing system of claim 4, wherein: 
said remote processing system further comprises an out- 
put peripheral; and 

said encryption module further comprises a second port 
configured to interface with said output peripheral. 

14. The remote processing system of claim 13, wherein 
said output peripheral comprises a means for printing a 
graphical representation of said encrypted data. 

15. The remote processing system of claim 13, wherein 
said output peripheral comprises a PC monitor having a 
two-dimensional, multi-line display. 
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16. The remote processing system of claim 13, wherein 
said output peripheral comprises a means for communicat- 
ing with a financial transaction authorization host. 

17. The remote processing system of claim 13, wherein 
5 said output peripheral comprises a standard computer 

printer. 

18. The remote processing system of claim 13, wherein 
said encryption module further comprises a speaker unit for 

10 providing audio information output. 

19. The remote processing system of claim 13, wherein 
said first processor is further configured to identify and 
accommodate said output peripheral. 

20. The remote processing system of claim 13, wherein 
55 said output peripheral is integral with said encryption mod- 
ule. 

21. The remote processing system of claim 4, wherein 
said encryption module further comprises an integral two- 
dimensional display screen. 

20 22. The remote processing system of claim 4, wherein 
said first processor is further configured to identify and 
accommodate said second input device. 

23. The remote processing system of claim 4, wherein 
said second input device is integral with said encryption 

25 module. 

* * * * * 
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